airflow.providers.microsoft.azure.secrets.azure_key_vault

Module Contents

class airflow.providers.microsoft.azure.secrets.azure_key_vault.AzureKeyVaultBackend(connections_prefix: str = 'airflow-connections', variables_prefix: str = 'airflow-variables', config_prefix: str = 'airflow-config', vault_url: str = '', sep: str = '-', **kwargs)[source]

Bases: airflow.secrets.BaseSecretsBackend, airflow.utils.log.logging_mixin.LoggingMixin

Retrieves Airflow Connections or Variables from Azure Key Vault secrets.

The Azure Key Vault can be configured as a secrets backend in the airflow.cfg:

[secrets]
backend = airflow.providers.microsoft.azure.secrets.azure_key_vault.AzureKeyVaultBackend
backend_kwargs = {"connections_prefix": "airflow-connections", "vault_url": "<azure_key_vault_uri>"}

For example, if the secrets prefix is airflow-connections-smtp-default, this would be accessible if you provide {"connections_prefix": "airflow-connections"} and request conn_id smtp-default. And if variables prefix is airflow-variables-hello, this would be accessible if you provide {"variables_prefix": "airflow-variables"} and request variable key hello.

Parameters

  • connections_prefix (str) -- Specifies the prefix of the secret to read to get Connections If set to None (null), requests for connections will not be sent to Azure Key Vault

  • variables_prefix (str) -- Specifies the prefix of the secret to read to get Variables If set to None (null), requests for variables will not be sent to Azure Key Vault

  • config_prefix (str) -- Specifies the prefix of the secret to read to get Variables. If set to None (null), requests for configurations will not be sent to Azure Key Vault

  • vault_url (str) -- The URL of an Azure Key Vault to use

  • sep (str) -- separator used to concatenate secret_prefix and secret_id. Default: "-"

client(self)[source]

Create a Azure Key Vault client.

get_conn_uri(self, conn_id: str)[source]

Get an Airflow Connection URI from an Azure Key Vault secret

Parameters

conn_id (str) -- The Airflow connection id to retrieve

get_variable(self, key: str)[source]

Get an Airflow Variable from an Azure Key Vault secret.

Parameters

key (str) -- Variable Key

Returns

Variable Value

get_config(self, key: str)[source]

Get Airflow Configuration

Parameters

key -- Configuration Option Key

Returns

Configuration Option Value

static build_path(path_prefix: str, secret_id: str, sep: str = '-')[source]

Given a path_prefix and secret_id, build a valid secret name for the Azure Key Vault Backend. Also replaces underscore in the path with dashes to support easy switching between environment variables, so connection_default becomes connection-default.

Parameters

  • path_prefix (str) -- The path prefix of the secret to retrieve

  • secret_id (str) -- Name of the secret

  • sep (str) -- Separator used to concatenate path_prefix and secret_id

_get_secret(self, path_prefix: str, secret_id: str)[source]

Get an Azure Key Vault secret value

Parameters

  • path_prefix (str) -- Prefix for the Path to get Secret

  • secret_id (str) -- Secret Key

Was this entry helpful?